Patents by Inventor William Aiello
William Aiello has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8813213
Abstract: An application provisioning device may be used to manage a profile of a host and provide data corresponding to a selected application for installation at a host. A reverse firewall may use the profile of the host to determine whether to allow or block particular network communication from an application running on the host. An indication of a selected application may be received at the application provisioning device. Configuration information may also be received at the application provisioning device. The application provisioning server may request an update to the profile of a host and transmit such a request. The profile may be updated to reflect the configuration information and/or information of the selected application. Data corresponding to the selected application may be updated and transmitted to a host computer, where it may be installed. Therefore, the installed application running on the host may operate without being prematurely blocked by the reverse firewall.
Type: Grant
Filed: May 24, 2013
Date of Patent: August 19, 2014
Assignee: AT&T Intellectual Property II, L.P.
Inventors: William A. Aiello, Charles Robert Kalmanek, Jr., William J. Leighton, III, Patrick McDaniel, Subhabrata Sen, Oliver Spatscheck, Jacobus E. Van Der Merwe
-
Publication number: 20130263244
Abstract: An application provisioning device may be used to manage a profile of a host and provide data corresponding to a selected application for installation at a host. A reverse firewall may use the profile of the host to determine whether to allow or block particular network communication from an application running on the host. An indication of a selected application may be received at the application provisioning device. Configuration information may also be received at the application provisioning device. The application provisioning server may request an update to the profile of a host and transmit such a request. The profile may be updated to reflect the configuration information and/or information of the selected application. Data corresponding to the selected application may be updated and transmitted to a host computer, where it may be installed. Therefore, the installed application running on the host may operate without being prematurely blocked by the reverse firewall.
Type: Application
Filed: May 24, 2013
Publication date: October 3, 2013
Inventors: William A. AIELLO, Charles Robert KALMANEK, JR., William J. LEIGHTON, III, Patrick MCDANIEL, Subhabrata SEN, Oliver SPATSCHECK, Jacobus E. VAN DER MERWE
-
Patent number: 8527426
Abstract: The present invention permits a user to conduct remote transactions without a network while using an untrusted computing device, such as a hand-held personal digital assistant or a laptop computer. The computing device is augmented with a smartcard reader, and the user obtains a smartcard and connects it to the device. This design can be used by an untrusted user to perform financial transactions, such as placing bets on the outcome of a probabilistic computation. Protocols are presented for adding (purchasing) or removing (selling) value on the smartcard, again without requiring a network connection. Using the instant protocols, neither the user nor the entity issuing the smartcards can benefit from cheating.
Type: Grant
Filed: May 19, 2009
Date of Patent: September 3, 2013
Assignee: AT&T Intellectual Property II, L.P.
Inventors: William A. Aiello, Aviel Q. Rubin, Martin J. Strauss
-
Patent number: 8453227
Abstract: An application provisioning device may be used to manage a profile of a host and provide data corresponding to a selected application for installation at a host. A reverse firewall may use the profile of the host to determine whether to allow or block particular network communication from an application running on the host. An indication of a selected application may be received at the application provisioning device. Configuration information may also be received at the application provisioning device. The application provisioning server may request an update to the profile of a host and transmit such a request. The profile may be updated to reflect the configuration information and/or information of the selected application. Data corresponding to the selected application may be updated and transmitted to a host computer, where it may be installed. Therefore, the installed application running on the host may operate without being prematurely blocked by the reverse firewall.
Type: Grant
Filed: December 27, 2006
Date of Patent: May 28, 2013
Assignee: AT&T Intellectual Property II, L.P.
Inventors: William A. Aiello, Charles Robert Kalmanek, Jr., William J. Leighton, III, Patrick McDaniel, Subhabrata Sen, Oliver Spatscheck, Jacobus E. Van Der Merwe
-
Publication number: 20090319431
Abstract: The present invention permits a user to conduct remote transactions without a network while using an untrusted computing device, such as a hand-held personal digital assistant or a laptop computer. The computing device is augmented with a smartcard reader, and the user obtains a smartcard and connects it to the device. This design can be used by an untrusted user to perform financial transactions, such as placing bets on the outcome of a probabilistic computation. Protocols are presented for adding (purchasing) or removing (selling) value on the smartcard, again without requiring a network connection. Using the instant protocols, neither the user nor the entity issuing the smartcards can benefit from cheating.
Type: Application
Filed: May 19, 2009
Publication date: December 24, 2009
Inventors: William A. Aiello, Aviel Q. Rubin, Martin J. Strauss
-
Patent number: 7536359
Abstract: The present invention permits a user to conduct remote transactions without a network while using an untrusted computing device, such as a hand-held personal digital assistant or a laptop computer. The computing device is augmented with a smartcard reader, and the user obtains a smartcard and connects it to the device. This design can be used by an untrusted user to perform financial transactions, such as placing bets on the outcome of a probabilistic computation. Protocols are presented for adding (purchasing) or removing (selling) value on the smartcard, again without requiring a network connection. Using the instant protocols, neither the user nor the entity issuing the smartcards can benefit from cheating.
Type: Grant
Filed: December 6, 2004
Date of Patent: May 19, 2009
Assignee: AT&T Intellectual Property II, L.P.
Inventors: William A. Aiello, Aviel D. Rubin, Martin J. Strauss
-
Publication number: 20070204338
Abstract: An application provisioning device may be used to manage a profile of a host and provide data corresponding to a selected application for installation at a host. A reverse firewall may use the profile of the host to determine whether to allow or block particular network communication from an application running on the host. An indication of a selected application may be received at the application provisioning device. Configuration information may also be received at the application provisioning device. The application provisioning server may request an update to the profile of a host and transmit such a request. The profile may be updated to reflect the configuration information and/or information of the selected application. Data corresponding to the selected application may be updated and transmitted to a host computer, where it may be installed. Therefore, the installed application running on the host may operate without being prematurely blocked by the reverse firewall.
Type: Application
Filed: December 27, 2006
Publication date: August 30, 2007
Applicant: AT&T CORP
Inventors: William Aiello, Charles Kalmanek, William Leighton, Patrick McDaniel, Subhabrata Sen, Oliver Spatscheck, Jacobus Van der Merwe
-
Publication number: 20060190998
Abstract: A reverse firewall for removing undesirable traffic from a computing network, such as a virtual private network (VPN), is disclosed. The reverse firewall uses firewall rules that may be determined and maintained within the enterprise network to control communication sent between computers in the computing network. The reverse firewall rules may be used to identify the communications between computers in the network that are undesirable and/or intrusive. For example, a computer in a network that is infected with a worm or that is surreptitiously hosting a denial-of-service attack may be identified by the reverse firewall and quarantined. The reverse firewall may be implemented in hardware and/or software.
Type: Application
Filed: November 30, 2005
Publication date: August 24, 2006
Applicant: AT&T Corp
Inventors: William Aiello, Charles Kalmanek, William Leighton, Patrick McDaniel, Subhabrata Sen, Oliver Spatscheck, Jacobus Van der Merwe
-
Patent number: 7035410
Abstract: The broadband telephony interface is provisioned by receiving information authenticating a provisioning server, establishing a communication channel between the user and the provisioning server over which is transmitted authorization information from the user to the provisioning server, and encrypting and transmitting a cryptographic key associated with the user to the provisioning server. The cryptographic key can be a symmetric key or a public key corresponding to a private key stored in the broadband telephony interface. The cryptographic key can be utilized to generate other keys which are utilized to secure communication channels for the telephony service. The broadband telephony interface advantageously can be implemented as untrusted hardware or software that is installed by a customer.
Type: Grant
Filed: March 1, 2000
Date of Patent: April 25, 2006
Assignee: AT&T Corp.
Inventors: William A. Aiello, Steven Michael Bellovin, Charles Robert Kalmanek, Jr., William Todd Marshall, Aviel D. Rubin
-
Patent number: 6850909
Abstract: The present invention permits a user to conduct remote transactions without a network while using an untrusted computing device, such as a hand-held personal digital assistant or a laptop computer. The computing device is augmented with a smartcard reader, and the user obtains a smartcard and connects it to the device. This design can be used by an untrusted user to perform financial transactions, such as placing bets on the outcome of a probabilistic computation. Protocols are presented for adding (purchasing) or removing (selling) value on the smartcard, again without requiring a network connection. Using the instant protocols, neither the user nor the entity issuing the smartcards can benefit from cheating.
Type: Grant
Filed: December 11, 2002
Date of Patent: February 1, 2005
Assignee: AT&T Corp.
Inventors: William A. Aiello, Aviel D. Rubin, Martin J. Strauss
-
Publication number: 20040123139
Abstract: Traffic over a secure link or tunnel is filtered to block packets that do not conform to specified requirements for the tunnel. In one embodiment, a private network, such as an ISP network, includes a filter for blocking packets not associated with an IPSec VPN tunnel. The ISP network and/or one or both of the tunnel endpoints can include monitoring modules for detecting the presence of packets that should have been blocked by the filter.
Type: Application
Filed: December 18, 2002
Publication date: June 24, 2004
Applicant: AT&T Corp.
Inventors: William A. Aiello, Steven Michael Bellovin, Evan Stephen Crandall, Alan Edward Kaplan, David P. Kormann, Aviel D. Rubin, Norman Loren Schryer
-
Patent number: 6496808
Abstract: The present method permits a user to conduct remote transactions without a network while using an untrusted computing device, such as a hand-held personal digital assistant or a laptop computer. The computing device is augmented with a smartcard reader, and the user obtains a smartcard and connects it to the device. This design can be used by an untrusted user to perform financial transactions, such as placing bets on the outcome of a probabilistic computation. Protocols are presented for adding (purchasing) or removing (selling) value on the smartcard, again without requiring a network connection. Using the instant protocols, neither the user nor the entity issuing the smartcards can benefit from cheating.
Type: Grant
Filed: October 5, 1999
Date of Patent: December 17, 2002
Assignee: AT&T Corp.
Inventors: William A. Aiello, Aviel D. Rubin, Martin J. Strauss
-
Patent number: 6397329
Abstract: In a system using digital identities, such as a public key cryptosystem using public key certificates, each certificate is part of a data revocation structure of tokens maintained by a certification authority (CA). Certificates may then share tokens with other certificates. By updating certain of these tokens periodically to indicate valid (unrevoked and unexpired) certificates, the number of updated records is reduced. Moreover, in response to a status query, a single token is transmitted in response. This results in a more efficient overall use of both computing and communications network resources. In one version of the invention, the data revocation structure is a binary tree. Each certificate includes each zero token for each node in its path from leaf to root of the tree. The tree is updated periodically to indicate valid and revoked certificates.
Type: Grant
Filed: November 20, 1998
Date of Patent: May 28, 2002
Assignee: Telcordia Technologies, Inc.
Inventors: William Aiello, Sachin Lodha, Rafail Ostrovsky
-
Patent number: 5892829
Abstract: A secure hash function according to the present invention uses a stretch function 202 and a compression function 202 to provide a secure hash value. A stretch function is a function which increases an input string (pre-image). In one version of the invention, a stretch function f maps l-bit inputs into 2m bits, where 2m>l. Preferably, the stretch function f is one-way. The stretch function randomizes the input string. The output of the stretch function is fed into a compression function c, which compresses the stretch function output from 2m bits to 2n bits, where m>n. The compression function is preferably a cryptographic primitive selected from a family of compression functions. In a preferred embodiment, a standard key scheduling algorithm of the cryptographic compression function (such as DES) is replaced and an output of the stretch function is used as the key.
Type: Grant
Filed: January 8, 1998
Date of Patent: April 6, 1999
Assignee: Bell Communications Research, Inc.
Inventors: William A. Aiello, Ramarathnam Venkatesan
-
Patent number: 5608801
Abstract: Methods and circuitry for generating a cryptographic hash function using a strong pseudo-random generator along with the input data to create high quality pseudo-random keys as indices to pseudo-random functions, as well as a pseudo-random function from 2n bits to 2n bits given a pseudo-random function from n bits to n bits.
Type: Grant
Filed: November 16, 1995
Date of Patent: March 4, 1997
Assignee: Bell Communications Research, Inc.
Inventors: William A. Aiello, Ramarathnam Venkatesan
-
Patent number: 5515307
Abstract: A method for generating random bits which is as fast as popular generators and which has provable strong properties. The method makes use of the unpredictability properties of a relatively slow cryptographically strong generator and the rapid mixing properties of random walks on expander graphs. Use of the cryptographically strong generator is typically restricted to a small off-line or a preprocessing step. Subsequent bits are produced with a few register operations per bit. The method and concomitant generator are useful in at least two different types of applications: for faster reliable simulations (or randomizing algorithms), and cryptographic/encryption schemes.
Type: Grant
Filed: August 4, 1994
Date of Patent: May 7, 1996
Assignee: Bell Communications Research, Inc.
Inventors: William A. Aiello, Sivaramakrishnan Rajagopalan, Ramarathnam Venkatesan
-
Patent number: 5420928
Abstract: Methodology and concomitant circuitry to generate cryptographically strong pseudo-random bit streams utilize secure block cypher encoders. Typically, each block cypher encoder has a first seed and a random key as an input. In the most basic realization of the methodology and circuitry, the output of each encoder is fed back to connect to its input. The first seed serves as the initial input, and each subsequent input is the immediate output. Each bit in the cryptographically strong pseudo-random bit stream is related to an inner product between each input to the encoder and a second seed.
Type: Grant
Filed: January 25, 1994
Date of Patent: May 30, 1995
Assignee: Bell Communications Research, Inc.
Inventors: William A. Aiello, Ramarathnam Venkatesan