Patents by Inventor Steven Sprague

Steven Sprague has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190116038
    Abstract: Embodiments are directed to computer-implemented methods and systems that provide assurance that cybersecurity controls for health and integrity of a device were in place at the time of a service transaction. The methods and systems generate a reference health hash representing initial state of security controls on a device, which is recorded at a network of a trusted service provider using a security token (e.g., RvT token). In embodiments, the trusted service provides is a Blockchain service and the device is configured with a trusted execution environment (TEE). In response to a service transaction, the methods and systems verify current security controls on the device based on generating and comparing a real-time health hash to the recorded reference health hash using the security token. The methods and systems record the results of the verification of the service transaction at the network of the trusted service provider.
    Type: Application
    Filed: October 11, 2018
    Publication date: April 18, 2019
    Inventor: Steven Sprague
  • Publication number: 20180330119
    Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.
    Type: Application
    Filed: April 16, 2018
    Publication date: November 15, 2018
    Applicant: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20180268169
    Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.
    Type: Application
    Filed: May 21, 2018
    Publication date: September 20, 2018
    Applicant: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20180254898
    Abstract: A device enrollment method and system comprising trusted application code that is executed in isolation from the primary OS of a hosting device and an access control mechanism that manages access to this code. The trusted application code provides hardware-backed cryptographic and authentication services to multiple third party applications. The value of these services is dependent on the integrity of both the trusted application and the third party service applications that access the trusted application. To assert trust, the trusted application may be installed in the device's TEE per existing industry TEE provisioning mechanisms. The process may involve the generation of a unique device key within the trusted application that is signed by a provisioning agent. Through this device key, the access control mechanism obtains cryptographic assurance of the integrity of the trusted application when controlling access to the host device in transactions with online service providers.
    Type: Application
    Filed: March 2, 2018
    Publication date: September 6, 2018
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20180247080
    Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online on a public service provider's website. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group is granted access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.
    Type: Application
    Filed: April 30, 2018
    Publication date: August 30, 2018
    Applicant: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Patent number: 9990516
    Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: June 5, 2018
    Assignee: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Patent number: 9977921
    Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.
    Type: Grant
    Filed: May 12, 2015
    Date of Patent: May 22, 2018
    Assignee: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Patent number: 9946898
    Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.
    Type: Grant
    Filed: April 17, 2015
    Date of Patent: April 17, 2018
    Assignee: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20170243029
    Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.
    Type: Application
    Filed: April 17, 2015
    Publication date: August 24, 2017
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20170206380
    Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.
    Type: Application
    Filed: May 12, 2015
    Publication date: July 20, 2017
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20170200023
    Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.
    Type: Application
    Filed: May 12, 2015
    Publication date: July 13, 2017
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20160330178
    Abstract: Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.
    Type: Application
    Filed: April 8, 2016
    Publication date: November 10, 2016
    Inventors: Michael Sprague, Steven Sprague, Robert Thibadeau
  • Publication number: 20160275461
    Abstract: Systems and methods are disclosed that provide for a full validation of an unknown client device prior to acceptance of a block chain transaction would provide further security for block chain transactions. The health of the device can be attested to prior to engaging in electronic transactions. In some embodiments, automation of full device integrity verification is provided as part of a block chain transaction. Certain aspects of the invention enable trust in devices. Some embodiments operate on the fundamental premise that a reliable relationship with a device can make for a much safer, easier and stronger relationship with an end user. Achieving this requires knowing with confidence that a device involved in a current transaction is the same device it was in previous transactions.
    Type: Application
    Filed: March 18, 2016
    Publication date: September 22, 2016
    Inventors: Michael Sprague, Steven Sprague
  • Patent number: 9319419
    Abstract: Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.
    Type: Grant
    Filed: October 30, 2013
    Date of Patent: April 19, 2016
    Assignee: Wave Systems Corp.
    Inventors: Michael Sprague, Steven Sprague, Robert Thibadeau
  • Patent number: 9047489
    Abstract: Data may be masked on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage that are processed by an internet browser. The system may intercept data, such as text, images, and video input at the data input fields, prior to the data being posted online. The publishing node may control which users are permitted access to the posted data by defining a policy associated with the data input field. The posted data may be transformed or tokenized to ensure that it is inaccessible to a user (or group of users) unless that user/group has access to the decoding key under the policy. In this way, data security and data control may be provided to a publishing user node. Data that has already been posted may be destroyed, for example, by deleting the decryption key or a token.
    Type: Grant
    Filed: November 14, 2011
    Date of Patent: June 2, 2015
    Assignee: Wave Systems Corp.
    Inventors: Steven Sprague, Michael Sprague
  • Patent number: 9043866
    Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: May 26, 2015
    Assignee: Wave Systems Corp.
    Inventors: Steven Sprague, Michael Sprague
  • Patent number: 9015857
    Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.
    Type: Grant
    Filed: September 11, 2012
    Date of Patent: April 21, 2015
    Assignee: Wave Systems Corp.
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20150089568
    Abstract: Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.
    Type: Application
    Filed: October 30, 2013
    Publication date: March 26, 2015
    Applicant: Wave Systems Corp.
    Inventors: Michael Sprague, Steven Sprague, Robert Thibadeau
  • Publication number: 20130125202
    Abstract: Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.
    Type: Application
    Filed: September 11, 2012
    Publication date: May 16, 2013
    Applicant: Wave Systems Corp.
    Inventors: Steven Sprague, Michael Sprague
  • Publication number: 20130125247
    Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.
    Type: Application
    Filed: September 11, 2012
    Publication date: May 16, 2013
    Inventors: Steven Sprague, Michael Sprague