Patents by Inventor SHANE B. WEEDEN
SHANE B. WEEDEN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11343341Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.Type: GrantFiled: January 7, 2019Date of Patent: May 24, 2022Assignee: International Business Machines CorporationInventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 11153219Abstract: A method, system and computer-usable medium for web application aware rate-limiting. One embodiment of the system involves a computer-implemented method in which requests for a web application are receive from a plurality of client entities. When the received requests are to be rate-limited, a rate-limiting identifier is requested from a plug-in respectively associated with the web application. The plug-in generates the rate-limiting identifier, wherein the rate-limiting identifier is unique to the web application. The plug and sends the rate-limiting identifier to the rate-limiting engine, which uses the rate-limiting identifier to rate-limit passing of the received requests to the web application. In some embodiments, the rate-limiting identifier is generated as a hash value that is independent of IP address and header information data of the client making the request.Type: GrantFiled: August 20, 2018Date of Patent: October 19, 2021Assignee: International Business Machines CorporationInventors: Leo M. M. Farrell, Shane B. Weeden
-
Publication number: 20200059471Abstract: A method, system and computer-usable medium for web application aware rate-limiting. One embodiment of the system involves a computer-implemented method in which requests for a web application are receive from a plurality of client entities. When the received requests are to be rate-limited, a rate-limiting identifier is requested from a plug-in respectively associated with the web application. The plug-in generates the rate-limiting identifier, wherein the rate-limiting identifier is unique to the web application. The plug and sends the rate-limiting identifier to the rate-limiting engine, which uses the rate-limiting identifier to rate-limit passing of the received requests to the web application. In some embodiments, the rate-limiting identifier is generated as a hash value that is independent of IP address and header information data of the client making the request.Type: ApplicationFiled: August 20, 2018Publication date: February 20, 2020Inventors: Leo M. M. Farrell, Shane B. Weeden
-
Patent number: 10554641Abstract: A credential associated with a username is received from a user. The credential is verified. A key identification and a first one-time password are received from a hardware token device. In response to validating the first one-time password, the username is linked to the key identification. A first access token and a first refresh token are generated. The first access token and the first refresh token are sent to the user.Type: GrantFiled: February 27, 2017Date of Patent: February 4, 2020Assignee: International Business Machines CorporationInventors: Leo M. M. Farrell, Jared R. Page, Shane B. Weeden
-
Publication number: 20190215314Abstract: A credential associated with a username is received from a user. The credential is verified. A key identification and a first one-time password are received from a hardware token device. In response to validating the first one-time password, the username is linked to the key identification. A first access token and a first refresh token are generated. The first access token and the first refresh token are sent to the user.Type: ApplicationFiled: March 22, 2019Publication date: July 11, 2019Inventors: Leo M. M. Farrell, Jared R. Page, Shane B. Weeden
-
Publication number: 20190141154Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.Type: ApplicationFiled: January 7, 2019Publication date: May 9, 2019Inventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 10237270Abstract: A biometric server receives, a transmission of a biometric sample and an encrypted enrollment template of the user from a client device, wherein the encrypted enrollment template comprises an encrypted mathematical representation of historical biometric data of the user, and wherein the biometric sample comprises a current snapshot of the biometric data. The biometric server decrypts the encrypted enrollment template to an enrollment template using an enrollment template key. The biometric server converts the biometric sample to a biometric template. The biometric server, based on determining that the biometric template is similar to the enrollment template associated with the user, sends an access token to the client device.Type: GrantFiled: September 29, 2016Date of Patent: March 19, 2019Assignee: International Business Machines CorporationInventors: Leo M. M. Farrell, Benjamin M. E. Martin, David P. Moore, Jasmine A. Smith, Shane B. Weeden
-
Patent number: 10225359Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.Type: GrantFiled: September 22, 2016Date of Patent: March 5, 2019Assignee: International Business Machines CorporationInventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 10205723Abstract: A biometric server receives, a transmission of a biometric sample and an encrypted enrollment template of the user from a client device, wherein the encrypted enrollment template comprises an encrypted mathematical representation of historical biometric data of the user, and wherein the biometric sample comprises a current snapshot of the biometric data. The biometric server decrypts the encrypted enrollment template to an enrollment template using an enrollment template key. The biometric server converts the biometric sample to a biometric template. The biometric server, based on determining that the biometric template is similar to the enrollment template associated with the user, sends an access token to the client device.Type: GrantFiled: March 6, 2018Date of Patent: February 12, 2019Assignee: International Business Machines CorporationInventors: Leo M. M. Farrell, Benjamin M. E. Martin, David P. Moore, Jasmine A. Smith, Shane B. Weeden
-
Publication number: 20180248862Abstract: A credential associated with a username is received from a user. The credential is verified. A key identification and a first one-time password are received from a hardware token device. In response to validating the first one-time password, the username is linked to the key identification. A first access token and a first refresh token are generated. The first access token and the first refresh token are sent to the user.Type: ApplicationFiled: December 27, 2017Publication date: August 30, 2018Inventors: Leo M.M. Farrell, Jared R. Page, Shane B. Weeden
-
Publication number: 20180248861Abstract: A credential associated with a username is received from a user. The credential is verified. A key identification and a first one-time password are received from a hardware token device. In response to validating the first one-time password, the username is linked to the key identification. A first access token and a first refresh token are generated. The first access token and the first refresh token are sent to the user.Type: ApplicationFiled: February 27, 2017Publication date: August 30, 2018Inventors: Leo M. M. Farrell, Jared R. Page, Shane B. Weeden
-
Publication number: 20180167388Abstract: A biometric server receives, a transmission of a biometric sample and an encrypted enrollment template of the user from a client device, wherein the encrypted enrollment template comprises an encrypted mathematical representation of historical biometric data of the user, and wherein the biometric sample comprises a current snapshot of the biometric data. The biometric server decrypts the encrypted enrollment template to an enrollment template using an enrollment template key. The biometric server converts the biometric sample to a biometric template. The biometric server, based on determining that the biometric template is similar to the enrollment template associated with the user, sends an access token to the client device.Type: ApplicationFiled: March 6, 2018Publication date: June 14, 2018Inventors: Leo M. M. Farrell, Benjamin M. E. Martin, David P. Moore, Jasmine A. Smith, Shane B. Weeden
-
Publication number: 20180091505Abstract: A biometric server receives, a transmission of a biometric sample and an encrypted enrollment template of the user from a client device, wherein the encrypted enrollment template comprises an encrypted mathematical representation of historical biometric data of the user, and wherein the biometric sample comprises a current snapshot of the biometric data. The biometric server decrypts the encrypted enrollment template to an enrollment template using an enrollment template key. The biometric server converts the biometric sample to a biometric template. The biometric server, based on determining that the biometric template is similar to the enrollment template associated with the user, sends an access token to the client device.Type: ApplicationFiled: September 29, 2016Publication date: March 29, 2018Inventors: Leo M. M. Farrell, Benjamin M. E. Martin, David P. Moore, Jasmine A. Smith, Shane B. Weeden
-
Publication number: 20180084071Abstract: An indication is sent to a host server device. The indication includes a request for a push notification service identification (PNSID). The PNSID is used to establish a secure registration between one or more applications on the computing device of a user and the host server device. The PNSID is received from the host server device. An input is received from the user. The input includes one or more application server devices that may send push notifications to the computing device. A unique key is generated for each application server device. The PNSID and a different unique key are sent to each application server device. Each different unique key is associated with a different application server device. A registration is received from each application server device.Type: ApplicationFiled: September 22, 2016Publication date: March 22, 2018Inventors: David P. Moore, Craig A. Pearson, Shane B. Weeden
-
Patent number: 9742757Abstract: A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.Type: GrantFiled: November 27, 2013Date of Patent: August 22, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Simon G. Canning, Pranam C. Sreedhar, Patrick R. Wardrop, Shane B. Weeden
-
Patent number: 9350726Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: GrantFiled: September 11, 2014Date of Patent: May 24, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Patent number: 9350739Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: GrantFiled: April 10, 2015Date of Patent: May 24, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Publication number: 20160080383Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: ApplicationFiled: April 10, 2015Publication date: March 17, 2016Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Publication number: 20160080354Abstract: An aspect of recovery from rolling security token loss includes storing, in a memory device accessible by a server computer, a token pair (B) transmitted to a client device. The token pair (B) includes an access token (a2) and a refresh token (r2) and is generated as part of a refresh operation. An aspect also includes storing, in the memory device, a refresh token (r1) that was generated by the server computer before generation of the token pair B. The refresh token (r1) and the refresh token (r2) are each tagged as a valid refresh token. An aspect further includes receiving, at the server computer, a request to access a network resource that includes the access token (a2), invalidating the refresh token (r1), and providing the client device with access to the network resource.Type: ApplicationFiled: September 11, 2014Publication date: March 17, 2016Inventors: Christopher J. Hockings, Trevor S. Norvill, Philip A. Nye, Asha Shivalingaiah, Patrick R. Wardrop, Shane B. Weeden
-
Publication number: 20150150110Abstract: A computer receives a request for protected user data with an access token presented by a client as authorization for the client to access the protected user data in a delegated environment. The computer parses the request to create a device fingerprint identifying the device submitting the request for the client. The computer compares the device fingerprint of the request to a previously stored device fingerprint of an authorized device associated with the access token. The computer automatically determines whether to identify the access token as potentially misappropriated based on the comparison of the device fingerprint of the request to the previously stored device fingerprint.Type: ApplicationFiled: November 27, 2013Publication date: May 28, 2015Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: SIMON G. CANNING, PRANAM C. SREEDHAR, PATRICK R. WARDROP, SHANE B. WEEDEN